
MX Logic » MX Logic IT Security Blog

07 May 2008

Google AdWords Phishing


The folks over at Trend Micro have a good write-up on a new type of phishing scam that has started floating around over the last week or so: Google AdWords Phishing.

It looks like the scammers are using the same general content in their phish with a couple of different variations on the subject line and the tagline that appears at the end of the message. 

The phishing link mentioned in Trend's blog points to a Chinese-registered domain that appears to have been taken down as of the time of this posting. Being the resilient type that cyber criminals are, they have started to send out a new spam run with links pointing to a new domain (also Chinese-registered): adwords.google.com.s0leo9.cn, which is currently still active.
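The hostname above places the real brand domain in its leftmost labels while the domain that actually resolves is s0leo9.cn. The following is an added example, not part of the original post, of a mail-filter check that flags links built this way; the protected-brand list, the function names and the sample message text (including the URL paths) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Brand domains to protect; this list is an assumption for the example.
PROTECTED = ("google.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def hostname(url):
    """Extract the lower-cased host from a URL, with or without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def classify_host(host, protected=PROTECTED):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    labels = host.lower().split(".")
    for brand in protected:
        want = brand.split(".")
        n = len(want)
        # Legitimate: the brand's labels are the rightmost labels of the host.
        if labels[-n:] == want:
            return ("legitimate", brand)
        # Lookalike: the brand's labels appear further left, so a different
        # domain (e.g. s0leo9.cn) is what actually resolves.
        for i in range(len(labels) - n):
            if labels[i:i + n] == want:
                return ("lookalike", brand)
    return ("unrelated", None)

def scan_message(body):
    """Return the sorted set of lookalike hostnames linked in a message."""
    hosts = {hostname(u) for u in URL_RE.findall(body)}
    return sorted(h for h in hosts if classify_host(h)[0] == "lookalike")

# Constructed sample body; only the hostname comes from the post.
SAMPLE = (
    "Your AdWords billing could not be processed. Sign in at "
    "http://adwords.google.com.s0leo9.cn/select/Login to update it. "
    "Help: https://adwords.google.com/support"
)

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```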

Below is a screen shot of one of the phish examples that we saw hit one of our spamtraps (note where it is different between here and the screen shot posted on Trend's blog):



From a volume standpoint these phishing attempts appear to be coming in waves.  For example, on Tuesday, May 6th our Threat Operations Center was seeing approximately 2,200 of these hitting our systems in the early morning hours up to about 7:00am.  After that it dropped off to about 2 per hour.  In the early morning hours of May 7th we were again seeing up to 550 per hour.  

This tactic won't resonate very well with most people: even though quite a few organizations out there use Google AdWords to promote their products on Google search result pages, the actual audience that this type of scam will make sense to is pretty limited.

Posted by smasiello at 1:49 PM | Link | 0 comments
06 May 2008

Peter Gabriel's Web Server Stolen


According to Peter Gabriel's web site, sometime on Sunday night or Monday morning their web servers were stolen from their data center.

I wonder if they broke in with a Sledgehammer?  Or if they were Quiet and Alone?  I wonder if the RIAA will sue the thieves for stealing music?

Ok, enough jokes....

Kind of makes you wonder how they got in....or does it?  I've been speaking to several colleagues lately who either currently perform social engineering engagements or did them in previous lives, and it is amazing to me the areas of buildings that they have been able to access and the confidential information that they have uncovered just by everyday, common techniques that we all do: tailgating, acting like you misplaced your access badge, or just looking like you belong somewhere.

Then once they were in the data center, how did they access the cabinet that the servers were in?  Many cabinets go from the floor to the ceiling or have safeguards in place to prevent the cabinet from being compromised from the top.  They should also have at minimum either a key lock or combination lock (or both), not to mention that the data center should also have security cameras covering every square inch of floor space.

We talk about proofs of concept very frequently where the occurrence of one crime is a finger pointing towards the potential occurrence of something much more damaging.  This is definitely one of those types of crimes.  If it can happen at this data center, what is to say that this same thing couldn't happen at any number of others as well?  What security policies does your data center have?  How well do they follow them?

We make a lot of assumptions with regard to the security of data centers, but all the technology controls in the world don't make a bit of difference if they can easily be bypassed.

Posted by smasiello at 12:48 PM | Link | 0 comments
01 May 2008

Happy Birthday Spam!

30 Years and Still Going Strong with No Signs of Slowdown
It would be inappropriate for me to let this day go by without wishing a happy birthday to one of the most important and controversial terms of the early 21st century. 

Spam!

No, not SPAM!

Spam!

I try to shy away from actual definitions of spam because its scope has gotten so much wider from when the first spam message was sent by Gary Thuerk to a large swath of ARPANET addresses 30 years ago this month.

So, was Thuerk an overly aggressive marketer?  Or a pioneer setting the stage for modern day cybercrime?  In my opinion the answer is both, but to that I would add the disclaimer that if he didn't do it surely someone else would have. 

One could also make the claim that spam started even prior to that using the CTSS (Compatible Time-Sharing System) "mail" command back in 1971 where a developer wrote a long anti-war message that began with "THERE IS NO WAY TO PEACE.  PEACE IS THE WAY."  Despite being told that using the CTSS mail system in that way would likely be viewed as abusive he defended his position with the statement of "but this is important!"

Obviously spam has evolved quite a bit from its days of ARPANET and CTSS, but there are still a lot of parallels in why spam is sent.  The primary end-goal was the use of network technology and over the wire communication for the purpose of making money.  Whether that has to do with trying to sell a product (either legitimate or illegitimate) or trying to get a user to install adware or crimeware on their PC, money has been, still is, and will continue to be the primary reason for spam. 

As we also know, "Spam Ain't Just for Email Anymore," but it still carries the common theme of network abuse.  Social and mobile networks have been common recent additional avenues that spammers have been exploiting as well, through SMS spam and blog spam.  Communication technologies like Instant Messenger and Voice over IP (VoIP) haven't been immune either; their abuse has borne acronyms like SPIM and SPIT.

Bill Gates was clearly way off base when he predicted in January, 2004 that spam would be gone in two years.  Spam is more prevalent than ever not only in our inboxes, but in just about every way that we communicate and collaborate.  As long as people continue to respond to spam it isn't going anywhere.  In fact, it will only continue to become more pervasive and unavoidable. 
Posted by smasiello at 1:07 PM | Link | 1 comment
